When opening Tor Browser on a laptop, the screen size reported on panopticlick is 1000x700x24 with a fingerprint of 1 in 15,000, which is not bad, I guess.

Re-opening Tor Browser with an external monitor attached, the window size is visibly different and the reported screen size on panopticlick is accordingly different: the fingerprint becomes 1 in 100,000.

Why doesn't Tor Browser use the same screen size everywhere? It seems that using an external monitor can make one stand out among Tor Browser users.

1 Answer

Screen sizes differ between laptops; a hard-set screen size would result in a browser that was too small for users on one system or too large to even display on others.

Instead it picks a size that is some multiple of 200x100, with 1000x1000 as the maximum size, and uses that to pick an appropriate size for the window. This provides a workaround that works for all screen sizes and doesn't reveal specifics of the hardware/software setup it is running on.

Both CSS and JavaScript have access to a lot of information about the screen resolution, usable desktop size, OS widget size, toolbar size, title bar size, and OS desktop widget sizing information that are not at all relevant to rendering and serve only to provide information for fingerprinting. Since many aspects of desktop widget positioning and size are user configurable, these properties yield customized information about the computer, even beyond the monitor size.

Design Goal: Our design goal here is to reduce the resolution information down to the bare minimum required for properly rendering inside a content window. We intend to report all rendering information correctly with respect to the size and properties of the content window, but report an effective size of 0 for all border material, and also report that the desktop is only as big as the inner content window. Additionally, new browser windows are sized such that their content windows are one of a few fixed sizes based on the user's desktop resolution. In addition, to further reduce resolution-based fingerprinting, we are investigating zoom/viewport-based mechanisms that might allow us to always report the same desktop resolution regardless of the actual size of the content window, and simply scale to make up the difference. As an alternative to zoom-based solutions we are testing a different approach in our alpha series that tries to round the browser window at all times to a multiple of 200x100 pixels. Regardless of which solution we finally pick, until it is available the user should also be informed that maximizing their windows can lead to fingerprintability under the current scheme.

Implementation Status: We automatically resize new browser windows to a 200x100 pixel multiple based on desktop resolution which is provided by a Firefox patch. To minimize the effect of the long tail of large monitor sizes, we also cap the window size at 1000 pixels in each direction. In addition to that we set privacy.resistFingerprinting to true to use the client content window size for window.screen, and to report a window.devicePixelRatio of 1.0. Similarly, we use that preference to return content window relative points for DOM events. We also force popups to open in new tabs (via browser.link.open_newwindow.restriction), to avoid full-screen popups inferring information about the browser resolution. In addition, we prevent auto-maximizing on browser start, and inform users that maximized windows are detrimental to privacy in this mode.
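To make the rounding and the effect of privacy.resistFingerprinting concrete, here is an added example that is not Tor Browser's or Firefox's own code: a simplified model of the 200x100 rounding with the 1000x1000 cap described in the answer, followed by what a fingerprinting script would read with and without the preference. The sample desktops, the assumed toolbar height (chromePx) and border width (borderPx), and the rule that a window never drops below one 200x100 step are constructed assumptions; the model also ignores how Tor Browser accounts for toolbar space when choosing the content size.

```javascript
// Added example, not Tor Browser's or Firefox's own code: a simplified model
// of the window rounding the answer describes (200x100 multiples, capped at
// 1000x1000) and of what a fingerprinting script can read with and without
// privacy.resistFingerprinting. Sample desktops, chrome heights and borders
// below are constructed assumptions, not measurements of any real system.

const STEP_W = 200, STEP_H = 100;   // rounding grid from the answer
const MAX_W = 1000, MAX_H = 1000;   // cap on the long tail of large monitors

// Round the usable desktop area down to a 200x100 multiple, capped at 1000x1000.
// Assumption: never drop below one grid step, so tiny displays still get a window.
function roundedContentSize(availWidth, availHeight) {
  const w = Math.min(MAX_W, Math.floor(availWidth / STEP_W) * STEP_W);
  const h = Math.min(MAX_H, Math.floor(availHeight / STEP_H) * STEP_H);
  return { width: Math.max(STEP_W, w), height: Math.max(STEP_H, h) };
}

// What a page's script sees. `desktop` carries what the OS reports to the
// browser. With resistFingerprinting, window.screen collapses to the content
// window size, border material reports as 0 and devicePixelRatio as 1.0 (the
// quoted design goal); without it, the real metrics leak.
function reportedMetrics(desktop, resistFingerprinting) {
  const c = roundedContentSize(desktop.availWidth, desktop.availHeight);
  if (resistFingerprinting) {
    return {
      screenWidth: c.width, screenHeight: c.height,
      availWidth: c.width, availHeight: c.height,
      innerWidth: c.width, innerHeight: c.height,
      outerWidth: c.width, outerHeight: c.height,
      devicePixelRatio: 1,
    };
  }
  return {
    screenWidth: desktop.screenWidth, screenHeight: desktop.screenHeight,
    availWidth: desktop.availWidth, availHeight: desktop.availHeight,
    innerWidth: c.width, innerHeight: c.height,
    outerWidth: c.width + 2 * desktop.borderPx,                  // side borders
    outerHeight: c.height + desktop.chromePx + desktop.borderPx, // toolbars + bottom border
    devicePixelRatio: desktop.devicePixelRatio,
  };
}

// Serialize the metrics the way a fingerprinting script would key its buckets.
function fingerprint(metrics) {
  return Object.keys(metrics).sort().map((k) => `${k}=${metrics[k]}`).join(';');
}

// Number of distinct screen fingerprints a set of desktops produces: fewer
// buckets means each user hides among more others.
function distinctFingerprints(desktops, resistFingerprinting) {
  const seen = new Set(desktops.map((d) => fingerprint(reportedMetrics(d, resistFingerprinting))));
  return seen.size;
}

// Constructed sample desktops. availHeight assumes the OS taskbar is already
// subtracted; chromePx is the assumed browser toolbar/title-bar height.
const DESKTOPS = [
  { name: 'laptop panel 1366x768',       screenWidth: 1366, screenHeight: 768,  availWidth: 1366, availHeight: 718,  devicePixelRatio: 1, chromePx: 80, borderPx: 1 },
  { name: 'same laptop, external 1080p', screenWidth: 1920, screenHeight: 1080, availWidth: 1920, availHeight: 1030, devicePixelRatio: 1, chromePx: 80, borderPx: 1 },
  { name: 'laptop panel 1280x800',       screenWidth: 1280, screenHeight: 800,  availWidth: 1280, availHeight: 750,  devicePixelRatio: 1, chromePx: 80, borderPx: 1 },
  { name: 'laptop panel 1440x900',       screenWidth: 1440, screenHeight: 900,  availWidth: 1440, availHeight: 850,  devicePixelRatio: 1, chromePx: 80, borderPx: 1 },
  { name: 'HiDPI 2560x1440',             screenWidth: 2560, screenHeight: 1440, availWidth: 2560, availHeight: 1390, devicePixelRatio: 2, chromePx: 80, borderPx: 1 },
  { name: 'netbook 800x600',             screenWidth: 800,  screenHeight: 600,  availWidth: 800,  availHeight: 540,  devicePixelRatio: 1, chromePx: 80, borderPx: 1 },
];

for (const d of DESKTOPS) {
  const size = roundedContentSize(d.availWidth, d.availHeight);
  console.log(`${d.name}: content window ${size.width}x${size.height}`);
}
console.log('distinct fingerprints without resistFingerprinting:', distinctFingerprints(DESKTOPS, false));
console.log('distinct fingerprints with resistFingerprinting:', distinctFingerprints(DESKTOPS, true));
```

Run with node. The first sample desktop lands in a 1000x700 bucket and the external-monitor desktop in a 1000x1000 bucket, which is the shift the question observes: the rounding hides the exact panel, but which bucket you land in still depends on how much desktop you have, and a larger display moves you into a bucket that fewer Tor Browser users share. Across the six constructed desktops the raw metrics give six distinct fingerprints, the rounded and resistFingerprinting-filtered metrics only four.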